Could Keith Alexander's Advice Possibly Be Worth $600K a Month?

Ex-NSA director Keith Alexander has his own consulting company: IronNet Cybersecurity Inc. His advice does not come cheap:

Alexander offered to provide advice to Sifma for $1 million a month, according to two people briefed on the talks. The asking price later dropped to $600,000, the people said, speaking on condition of anonymity because the negotiation was private.

Alexander declined to comment on the details, except to say that his firm will have contracts "in the near future."

Kenneth Bentsen, Sifma's president, said at a Bloomberg Government event yesterday in Washington that "cybersecurity is probably our number one priority" now that most regulatory changes imposed after the 2008 credit crisis have been absorbed.

SIFMA is the Securities Industry and Financial Markets Association. Think of how much actual security they could buy with that $600K a month. Unless he's giving them classified information.

But don't worry, everything Alexander knows will only benefit the average American like you and me. There's no reason to suspect that he is trading his high level of inside knowledge to benefit a bunch of rich people all around the globe. Because patriotism.

Or, as Recode.net said: "For another million, I'll show you the back door we put in your router."

Comments

Is that even allowed in this very special case? I have read some software engineers had contracts that prohibited them from working at a competitor for a certain time period, or something on that note.

@readerrrrrr: yes some software engineers have non-compete agreements in their contracts. It's also common for bookkeepers and accountants. There are likely other fields where it is also common.

Non-compete doesn't apply in this case though.
a) government entities are in theory not competing with private companies in general
b) IronNet Cybersecurity Inc. specifically does not provide the same services as the NSA. The NSA has ceased its mission of securing American communications in favor of its other mission of defeating communication security.

One question: Do these guys Alexander and Hayden still have clearance to log into Xkeyscore?
The point is: The US government says it does not give any information of its spying to domestic companies. Good. But at this conference,

Of course, however, he's probably not selling security, but he's selling access to people: contact in the senate, in the administration, etc.

Yet even so, this price does seem suspiciously high, "Securities Industry and Financial Markets Association" is a bit out of his normal wheelhouse. Basically, I would have expected such a deal, but the other party would be Raytheon, Boeing, Booze/Allen/Hamilton, or some other defense contractor/beltway bandit.

I worked for companies that paid around $700.00 an hour per resource to consultants from big-name firms. Used them for a few months. Six or seven of them would total 40x4x700 = 448000 a month. Who knows how many resources he's "putting on it" and how much an hour they charge...

That article sounds like it's security consulting. I don't know about you, but for $600k a month, I would hire a lot of people from a lot of different backgrounds: former black hats, white hats, academics, specializing in networking, software, systems, etc. For an average of about $300 per hour, you should be able to get a dozen really good people auditing systems, auditing code, doing penetration testing, etc.

Let's all remember in this discussion the so-called "Revolving Door" of the Pentagon and intelligence circles. Various companies, especially defense contractors, get plenty of money and support from government organizations. Way more than they could ever justify. Those senior people that authorized it later leave the public sector and get six figure jobs at the private companies they benefited. Seamless corruption.

So, if they're paying $600k/mo, I think there's a form of corruption at play rather than mere security knowledge transferring. Alexander is getting paid back for something already done or being paid for something that will be done.

If it was about security and I was Alexander, I'd have the NSA do their security under some "public-private partnership for national security" where I pocketed the cash and the taxpayers covered way more in actual security. It's public knowledge that NSA has done plenty of stuff like that in the past that benefited certain companies much more than others. I could see a corrupt version of it.

I forgot to mention that it's a joke to go to him for that to begin with. The US govt's track record is military and state department losing unknown number of documents to Wikileaks, followed by NSA and top contractor losing unknown number of documents to Snowden. And each loss could've been prevented or at least detected by standard commercial security that apparently wasn't applied. I've seen a grocery chain do better despite an IT department of 2-3 people with $500k/yr total annual budget.

If anything, Alexander and the NSA need to be paying consultants $600,000 a month worth of security advice *for them*.

@Nick P,
Give the guy a break! That's just pure... jealousy! He is used to paying $500.00 for a hammer. So 600K a month is within reasonable range. Let's just hope he "tweets" his "findings" so we get "free" advice :)

I fear that @Bruce Schneier is "scoping" and anchoring us to a figure! His next post will say:

My next book is not for $600K, not even 400K! It's on sale for 75K, it has advice that’ll cost you 1.2M a year, and I'll sign it for free, too! Matter of fact, that guy took the advice from my book. Forget real estate! Buy one copy of this book, and you'll be on your way to charging 600K a month. Now go ahead, buy the book, and be somebody!

Oh he knows exactly where every exploit/vulnerability/implant is in everything. And he can always say he "found the vulnerability or backdoor" rather than leaking it. How convenient! It might be worth the money to find all that shit, although I consider this no more ethical than what the Cryptolocker boys do.

Alexander has presided over the greatest system security breaches in our time, all in the name of national security. How could anyone trust him to secure their systems, and not to facilitate the opening of those systems to national intelligence?

If it were me as CEO, Alexander couldn't pay me enough to use his services.

If I had an income of 600k/month and in need for a security guru, I would probably hire Bruce over Keith - even though Mr. Alexander might know exactly what's going on secretly under the hood, I just can't help it but I feel one of these gentlemen would stab me in the back at any given point. The other man seems to be actually concerned about the issue, maybe because he understands he's in the very same boat as us.

I am not sure he is worth it moneywise, however: he has a lot of knowledge which goes both ways: He knows a lot of stuff and for that he is rewarded somehow perhaps as a thank you for drinking a cup of "Shut the fuck up".

Secondly, he is of value for A LOT of companies that want some nice contracts with the Government, that are willing to go that extra mile and pay him some unusual amount of money.

Although I somehow think that the first option is more valid...

When it comes to his know-how etc I can't tell, but I doubt he is stupid.
What's money anyway, give him 2 million a month for all I care.

I've always wondered how much of former officials doing lobbying relates to knowing "where the bodies are buried", metaphorically speaking.

You go up to one of your former co-workers who's still in government.

"Hi, I'm getting paid $500/hour to ask you to do . Think you can do it? If you don't, then I'll lose my job..."

They don't need to say it that way; everybody knows how it works. Not only do they not necessarily need to remind anybody about the secrets they know, they might not even need to know them. If you've done something wrong you don't want to take the risk that your former boss or co-worker knows and can reveal something nefarious, some mistake you made, etc.

Former NSA chief Alexander, and who knows how many others, can make millions in consulting only because the IT industry and experts have not even started working on computing solutions that would make such knowledge useless because they are so extremely simplified in sw and hw, to afford and allow for extreme verification of all hw and sw involved at all stages, including manufacturing and design of any critical components.

Possibly, the main problem is the same that has prevented us from seeing how far NSA had gone. There is a problem in the dynamics of IT security media and blogs, similar to other sectors, where a range of acceptable opinions are created, out of which all are paranoid.

Experts are still differentiating between mass surveillance and targeted surveillance. Whereas if what the most pessimistic say about hardware vulnerabilities is true, then large-scale undetectable targeted surveillance may be so low cost as to render any encryption tools we are using or improving useless for the masses (or at least for its most active citizenry).

Arthur Sinodinos, former assistant federal treasurer for the Australian Government received a $200,000 salary for 10 days work.

Senator Sinodinos, a former Australian Water Holdings (AWH) director and NSW Conservative Liberal Party treasurer stood to make up to $20 million if AWH won a lucrative contract with the state-owned Sydney Water company. Senator Sinodinos told the hearing he did not know AWH paid $75,000 in donations to the Liberal Party when he was on the AWH board and NSW Liberal Party treasurer.

Senator Sinodinos spent between 25 and 45 hours a year working as a director for AWH for a $200,000 salary, though he stated he sometimes travelled 90 minutes to a meeting and that should be considered part of the time that he worked. Senator Sinodinos also stated "I participated in the board discussion."

- So you see, some people talk at work, spend a couple days a year at work, and drive to work, which they consider quite an effort, and so feel they are entitled to the ludicrous amounts of money they receive.

Note - Australian Water Holdings is currently the focus of very serious ongoing corruption investigations by the NSW Independent Commission Against Corruption.

Hey, based on the number of hours he worked, those 90 travel minutes are a significant fraction of his work time. Instead of between $4400 and $8000/hr, he might've only been getting $3000 or $4000/hr. Much more reasonable!

This reminds me of a story I read a few years ago. Prisons in California have a problem with contraband being smuggled in - often by prison guards. The problem is that the prison guard union agreement makes it effectively impossible for the guards to be searched before they work.

That sounded pretty bad to me. I had to keep reading to understand how a contract like that could've been signed. It turned out that the contract required that any time spent going through security procedures would be considered part of their paid work time.

So: Their employer wanted to tell them to wait in line, on the job site, doing things that the employer asked, but not getting paid. I'm gonna side with the union on this one.

My favorite Alexander-ism was when Maine Senator Collins asked if it was true that Snowden could listen to phone calls from his desk. Alexander gave a helpless look and said that was false, that he knew of no technology that would allow that.

CALEA is a 1995 law that requires a government port on every phone switch in America, and requires intercepted communications to be immediately conveyed off of phone company premises.

Sprint won the contract for backhaul from switches with their Peerless IP Network.

The FBI is very proud of DCSNet, which isn't a network at all, it's a Windows application. The FBI describes it as a point-and-click browser for virtually any in-progress phone call in America, land-line or mobile, using the CALEA switch ports and the Peerless IP Network.

Urbane, professional, General Alexander had no knowledge of these long-standing government wiretapping resources. I, living in rural Central Texas amidst the cattle, coyotes, and other decent, honest critters wandering the prairie knew all about it.

Clearly I am more qualified than General Alexander, and I'll work for just $500,000 a month. I'm a bargain!

Bruce, You are likely seriously undercharging for your consulting services. In our economy, things - including consulting services - are worth what you can get for them. Alexander's prior careers (plural) make him worth the kind of money that is being discussed to those who want and need him. Consider this: if he positively influences a Board of Directors to increase their focus on security and privacy, he easily pays for himself. You can dislike and distrust him and his past activities if you want, but you can not deny that he has the stature to command attention where it matters most in corporate America: in the board rooms and offices of the decision makers. Moreover, he - of all people - knows quite well what happens to someone who leaks classified information. After all, in his recent NSA job, it was his classified information that Snowden raided.

Moreover, he [Alexander] - of all people - knows quite well what happens to someone who leaks classified information. After all, in his recent NSA job, it was his classified information that Snowden raided.

He also knows that senior staff don't get touched for security violations that lesser mortals would get the equivalent of whole life sentences for. As has been seen by an ex head of the CIA and others like Dept Sec of State Richard Armitage in Plamegate, even Scooter Libby got to walk away from a thirty month jail sentence even though convicted of lying to Federal Investigators and a grand jury (it's been said that no full pardon for Libby came from Bush due to the behaviour of Dick Cheney "souring the pitch").

It is the old "Caesar's wife is above suspicion" mentality that also makes the likes of banks "too big to fail" etc when they have committed the equivalent of criminal activity, the small fish get fried while the big fish have a whale of a time... Alexander knows which side of the dividing line he's on and is thus going to make it big, arguably much bigger than he would have been without the Ed Snowden Revelations which will bolster his worth for many many years to come, providing he "milks it right".

Looks like KA's new job is organized federal civilian information sharing in cybersecurity. So it's not leaking, it's a new private public partnership mission...

"The National Cybersecurity and Communications Integration Center Act of 2014 would codify the existing cybersecurity and communications operations center at DHS, known as the National Cybersecurity and Communications Integration Center. The bill calls on the center is to serve as the federal civilian information sharing interface for cybersecurity."

"Washington, D.C., June 25, 2014-SIFMA today released the following statement from Kenneth E. Bentsen, Jr., SIFMA president and CEO on the passage of the National Cybersecurity and Communications Integration Center Act of 2014 by the Senate Committee on Homeland Security and Governmental Affairs: ... We applaud the legislation's codification of the NCCIC and its recognition of the capabilities that the NCCIC provides to the financial services sector as well as the critical infrastructure sectors that we rely on to operate."

Looks like the pieces are falling into place. I'd suggest looking at what committees Mike Rogers (the whore and ass) and marry that with Alexander's new assignment...where do you think this is going? I have an idea and the DHS, FCC, NTIA, the telcos, and a few contracting "orgs" are in on scheme...it's all a matter of connecting the dots. Just make sure you do before the dot turns red and appears on all your shirts and hats.

"‘‘(e) NO RIGHT OR BENEFIT.—The provision of assistance or information to, and inclusion in the operations center of, governmental or private entities under this section shall be at the discretion of the Under Secretary appointed under section 103(a)(1)(H). The provision of certain assistance or information to, or inclusion in the operations center of, one governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity.’’."

"“The Germans want FISA reform now and that’s definitely going to be a focus of conversation,” Tom Kellermann, chief cybersecurity officer at Trend Micro, told MC. “But I’d suggest ... begin to strategically think about how to defend against punitive cyber sanctions by Russia should further economic sanctions be put into effect.”"